diff --git a/docs/MANAGED.md b/docs/MANAGED.md
index 0b3c5a283..66d689051 100644
--- a/docs/MANAGED.md
+++ b/docs/MANAGED.md
@@ -41,24 +41,28 @@ In some cases, it is required to include some Keycloak defaults because keycloak
 ### Supported Full Managed Resources
-| Type | Additional Information | Resource Name |
-|---------------------------------|----------------------------------------------------------------------------------|----------------------------------|
-| Groups | - | `group` |
-| Required Actions | You have to copy the default one to your import JSON. | `required-action` |
-| Client Scopes | - | `client-scope` |
-| Scope Mappings | - | `scope-mapping` |
-| Client Scope Mappings | - | `client-scope-mapping` |
-| Roles | - | `role` |
-| Components | You have to copy the default components to your import JSON. | `component` |
-| Sub Components | You have to copy the default components to your import JSON. | `sub-component` |
-| Authentication Flows | You have to copy the default components to your import JSON, except built-in flows.| `authentication-flow` |
-| Identity Providers | - | `identity-provider` |
-| Identity Provider Mappers | - | `identity-provider-mapper` |
-| Clients | - | `client` |
-| Clients Authorization Resources | The 'Default Resource' is always included. | `client-authorization-resources` |
-| Clients Authorization Policies | - | `client-authorization-policies` |
-| Clients Authorization Scopes | - | `client-authorization-scopes` |
-| Message Bundles | Only message bundles imported with config-cli will be managed/deleted. | `message-bundles` |
+
+| Type | Additional Information | Resource Name |
+|---------------------------------|-------------------------------------------------------------------------------------------------|----------------------------------|
+| Groups | - | `group` |
+| Required Actions | You have to copy the default one to you import json.
| `required-action` |
+| Client Scopes | - | `client-scope` |
+| Scope Mappings | - | `scope-mapping` |
+| Client Scope Mappings | - | `client-scope-mapping` |
+| Roles | If not set as 'full', the attributes of realm-level role will be updated instead of override. | `role` |
+| Components | You have to copy the default components to you import json. | `component` |
+| Sub Components | You have to copy the default components to you import json. | `sub-component` |
+| Authentication Flows | You have to copy the default components to you import json, expect builtin flows | `authentication-flow` |
+| Identity Providers | - | `identity-provider` |
+| Identity Provider Mappers | - | `identity-provider-mapper` |
+| Clients | - | `client` |
+| Clients Authorization Resources | The 'Default Resource' is always included. | `client-authorization-resources` |
+| Clients Authorization Policies | - | `client-authorization-policies` |
+| Clients Authorization Scopes | - | `client-authorization-scopes` |
+| Message Bundles | Only message bundles imported with config-cli will be managed/deleted. | `message-bundles` |
+
+
+
 ### Disabling Deletion of Managed Entities
diff --git a/src/main/java/de/adorsys/keycloak/config/repository/RoleRepository.java b/src/main/java/de/adorsys/keycloak/config/repository/RoleRepository.java
index b72397dab..b872fd8e6 100644
--- a/src/main/java/de/adorsys/keycloak/config/repository/RoleRepository.java
+++ b/src/main/java/de/adorsys/keycloak/config/repository/RoleRepository.java
@@ -97,7 +97,7 @@ public RoleRepresentation getRealmRole(String realmName, String roleName) {
 public List getRealmRoles(String realmName) {
 return realmRepository.getResource(realmName)
- .roles().list();
+ .roles().list(false);
 }
 public List getRealmRolesByName(String realmName, Collection roles) {
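Review bot: The bare `false` in `.roles().list(false)` does not say what it switches off; presumably it is the admin client's `briefRepresentation` flag, so realm roles now come back with their attributes, which the attribute merge added to RoleImportService in this commit appears to need. A comment on the call such as `// briefRepresentation=false: fetch full role representations, including attributes` would make that explicit. Every caller of `getRealmRoles` now receives the full representation, so callers outside this hunk that only need role names are worth checking on realms with many roles.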
diff --git a/src/main/java/de/adorsys/keycloak/config/service/RoleImportService.java b/src/main/java/de/adorsys/keycloak/config/service/RoleImportService.java
index 745e7cdb9..752ccf1a8 100644
--- a/src/main/java/de/adorsys/keycloak/config/service/RoleImportService.java
+++ b/src/main/java/de/adorsys/keycloak/config/service/RoleImportService.java
@@ -36,6 +36,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
@@ -211,8 +212,21 @@ private void updateRoleIfNeeded(
 ) {
 String roleName = roleToImport.getName();
 RoleRepresentation patchedRole = CloneUtil.patch(existingRole, roleToImport, propertiesWithDependencies);
- if (roleToImport.getAttributes() != null) {
+
+ if (importConfigProperties.getManaged().getRole() == ImportConfigProperties.ImportManagedProperties.ImportManagedPropertiesValues.FULL
+ && roleToImport.getAttributes() != null) {
+ logger.debug("Setting the attributes of the patched realm-level role as roleToImport attributes");
 patchedRole.setAttributes(roleToImport.getAttributes());
+ } else {
+ logger.debug("Setting the attributes of the patched realm-level role as a merge of roleToImport and existingRole");
+ Map> attributes = new HashMap<>();
+ if (existingRole.getAttributes() != null) {
+ attributes.putAll(existingRole.getAttributes());
+ }
+ if (roleToImport.getAttributes() != null) {
+ attributes.putAll(roleToImport.getAttributes());
+ }
+ patchedRole.setAttributes(attributes);
 }
 if (!CloneUtil.deepEquals(existingRole, patchedRole)) {
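Review bot: The `else` branch always ends in `patchedRole.setAttributes(attributes)`, so a role with no attributes on either side gets an empty map where it previously kept whatever `CloneUtil.patch` produced; if `CloneUtil.deepEquals` treats `null` and an empty map as different (its implementation is not visible here), such roles would be re-sent to the server on every import run. Guarding the call, e.g. `if (!attributes.isEmpty()) { patchedRole.setAttributes(attributes); }`, keeps that case a no-op. The same branch also runs when the mode is FULL but the import omits `attributes`, which the debug message does not reflect. In merge mode a key dropped from the import file is never removed from the realm role, so attributes that feed authorization decisions can outlive the configuration that set them; a comment saying so in `updateRoleIfNeeded`, whose body starts and ends outside this hunk, would help operators choosing between the two modes.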